Storesprite Ecommerce Installation Help: Having trouble installing? This is the one for you.

I am unsure if this is a SS issue with a backdoor in somewhere. But I received the email from Google below. I can still access FTP fine and my host, so it seems some code has somehow been injected somewhere rather than a password compromise. I am unsure if this is a hosting issue or a Storesprite issue. Any pointers, or anyone else with a similar problem?

Dear site owner or webmaster

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites: http://www.stopbadware.org/home/security

Are you able to give us any more information so that we can take a look (via PM if you like)?

I know of 1 Storesprite site that had a similar issue, probably over a year ago, but after looking into it we concluded that it was not related to code injection but a server compromise (e.g. weak or divulged credentials).

Of course we are happy to cast an eye over this for you, as we'd like to know if there is a Storesprite vulnerability so that we can patch it and/or rule Storesprite out as the problem!

What version of SS is it running and what PHP version? Do you have access to the server logs? Is there a shell login related to the account, etc.?

Upon a bit of my own digging, someone mentioned permissions. I double-checked my private/config and they are incorrect: they are set to read, write, execute for all of them (I am unsure if this was missed when I restored a backup recently), and whether this could be the source of the problem, as I know they should be READ only. Also, what should the file permissions be on the htaccess file? Mine is currently set at 644. Are there any other files that I should double-check permissions on that may be vulnerable?

Should I restore a previous backup, set permissions correctly and see if that cures the problem?

I will PM more info later if the above does not seem a source of the problem. Many thanks.

Code was injected into around a third of the website pages on the site. It was on the homepage and others. The code was 20 lines of JavaScript which was viewable when looking at the page source, which somehow allowed viruses to be uploaded to the visitor's computer without them knowing. Thankfully Google spotted this and action was able to be taken. I am unsure how this was uploaded etc. Is it possible to upload code if the permissions were at 777 without FTP access, and if so, what method could be used?
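The permission check discussed in the posts above, as an added example that is not part of the original thread or Storesprite's own code: it lists world-writable entries (such as a private/config left at 777) and recently modified files under a web root. The function names are hypothetical and the web root is whatever path you pass in.

```shell
#!/bin/sh
# Added example: permission and recent-change audit for a web root.
# Function names are hypothetical; pass your own web root path.

# Files and directories that any local account can write to (e.g. mode 777).
world_writable() {
    find "$1" ! -type l -perm -0002 -print | LC_ALL=C sort
}

# Regular files modified within the last $2 days: a starting list when
# looking for pages that had script added to them.
recently_modified() {
    find "$1" -type f -mtime "-$2" -print | LC_ALL=C sort
}

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print a report; return 1 if anything is world-writable, else 0.
audit_webroot() {
    root=$1
    days=${2:-7}
    ww=$(world_writable "$root")
    recent=$(recently_modified "$root" "$days")
    echo "Modified in the last $days day(s):"
    if [ -n "$recent" ]; then
        printf '%s\n' "$recent" | sed 's/^/  /'
    fi
    if [ -z "$ww" ]; then
        echo "No world-writable entries."
        return 0
    fi
    echo "World-writable entries (mode path):"
    printf '%s\n' "$ww" | while IFS= read -r p; do
        printf '  %s %s\n' "$(mode_of "$p")" "$p"
    done
    return 1
}

# Run the audit when a path is given: sh audit.sh /path/to/webroot 14
if [ "$#" -gt 0 ]; then
    audit_webroot "$@"
fi
```

Compare the recently modified list against a known-good backup before restoring, so the altered pages and the time they changed are on record for the server log review.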

I've seen attacks like this several times. Change the password of used to access
1. Strengthen the password to your hosting account.
2. Strengthen the password to your server.
3. If possible, don't use FTP; it's not secure. Instead use SFTP.